A secure model for efficient live migration of containers

2019-09-01
Mavus, Zeynep
Angın, Pelin
Cloud services have become increasingly widespread in the past decade due to their ability to reduce the complexity and the cost of managing computers and networks. Cloud applications are run in virtualized environments such as virtual machines and containers to be able to allocate resources in an inexpensive manner. Both of these approaches require effective resource utilization, for which an important enabling technology is live migration, which involves moving a service from one host to another with the minimum possible downtime. Live migration is also required for system maintenance, load balancing, and protecting services from attacks through moving target defense. While migrating a service, the system should not be vulnerable to attacks. In this work, we propose a secure model for efficient live migration of containers. Because the applications are isolated from each other while running in Docker containers, a checkpointing method was used to generate the required migration data. In our proposed model, we provide security of the migration data using secure authentication and by ensuring that all connections between the nodes are protected to provide communication security, making the system protected against migration attacks. The efficiency of the migration system designed based on the proposed model has been proven on stateless and stateful sample applications. Experiments with applications running on the Docker container platform demonstrate that the proposed approach achieves significantly better performance than its virtual machine live migration counterpart.
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Citation Formats
Z. Mavus and P. Angın, “A secure model for efficient live migration of containers,” Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, pp. 21–44, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/38239.